*This article could be a summary of content for learning purposes. For more information and knowledge, read the original articles in the References section.
Azure AD Multi-Factor Authentication is a Microsoft service that provides multifactor authentication capabilities. Azure AD Multi-Factor Authentication enables users to choose an additional form of authentication during sign-in, such as a phone call or mobile app notification.
These services provide Azure AD Multi-Factor Authentication capabilities:
Conditional Access is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from.
Conditional Access helps IT administrators:
Conditional Access also provides a more granular multifactor authentication experience for users. For example, a user might not be challenged for second authentication factor if they’re at a known location. However, they might be challenged for a second authentication factor if their sign-in signals are unusual or they’re at an unexpected location.